<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.ResultSet" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@include file="db.jsp"%>
<html>
<head>
    <title>登录</title>
</head>
<body>
<%
    String username=request.getParameter("username");
    String password=request.getParameter("password");
    String msg="";
    if(!(username==null||username.length()==0||password==null||password.length()==0))
    {
        PreparedStatement pstmt=connection.prepareStatement("SELECT * from t_user t WHERE (t.username=? or t.phone=? or t.sno=?) AND t.`password`=?");
        pstmt.setString(1,username);
        pstmt.setString(2,username);
        pstmt.setString(3,username);
        pstmt.setString(4,password);
        try{
            ResultSet rs= pstmt.executeQuery();
            if(rs.next()){
                session.setAttribute("name",rs.getString("name"));
                response.sendRedirect("index.jsp");
            }else{
                msg="用户名密码错误";
            }
        }catch (Exception e){

        }finally {
            connection.close();
        }
    }
%>

<form action="login.jsp">
    <center>
        <span style="color: red;"><%=msg%></span>
        <table>
            <tr>
                <td>用户名：</td>
                <td><input type="text" name="username"></td>
            </tr>
            <tr>
                <td>密码</td>
                <td><input type="password" name="password"></td>
            </tr>
            <tr>
                <td><input type="submit"></td>
                <td><input type="reset"></td>
            </tr>
        </table>
    </center>
</form>

</body>
</html>
